Denial of service with Netbios-CIFS
Advisory ID |
CVE Number |
Date discovered |
Severity |
Advisory revision |
STORM-2020-005 |
|
03/06/2020 |
medium |
v1 |
Vulnerability details
Potential denial of service of the UTM during CIFS exchanges
Impacted products
Revisions
Version |
Date |
Description |
v1 |
03/06/2020 |
Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 4.5 
|
Analysis
|
Impacted version
|
An attacker can open a netbios session and send crafted netbios packets through the UTM in order to cause a denial of service.
If your filtering rules does not allow CIFS-over-netbios (nb-cifs) then you are not impacted.
|
- SNS 2.0.0 to 2.7.6
- SNS 2.8.0 to 2.15.0
- SNS 3.0.0 to 3.7.11
- SNS 3.8.0 to 3.10.1
- SNS 4.0.0 to 4.0.2
|
Workaround solution
|
Solution
|
Allow CIFS-over-Netbios exchanges only between trusted sources.
|
The SNS 2.7.7, 2.16.0, 3.7.12, 3.10.2 and 4.0.3 updates fix this vulnerability.
|
Access vector |
Access complexity |
Authentication |
Confidentiality impact |
Integrity impact |
Availability impact |
Adjacent Network |
Low |
None |
None |
None |
Complete |
Exploitability |
Remediation Level |
Report Confidence |
Unproven that exploit exists |
Official fix |
Confirmed |
Collateral Damage Potential |
Target Distribution |
None |
High [76-100%] |